Data Management: Transparency and control
In the processing and control of network’s member data, transparency is paramount to us(the AI network).
Beyond the following actions of voluntary members of the subscribed membership activity of the Foundation, this policy lays down the fundamental principles of safe processing and control of member's data:
a. Moderation of member messages on the Foundation's public forums
b. Privacy controls and triggers on members' space include 2 factor login authentications, Invite-only subscriptions, actions on inactive member profiles, etc.
HELP TEXT:
The Foundation has instituted the following platforms for open communication and public-facing communication records by the community members.
A. Data Privacy and data residency policy for E Residents on the Contributions Delivery Subnet
Public and private channels on the Foundation's Slack Memberspace
Foundation's Discord Server
Private and Public Mailing Lists of the Foundation’s projects
Open Constitution Member Console
CouncilPost Channels of Foundation
Decentralised Comm Network and Content Delivery Network of Foundation - Second.Exchange
Foundation‘s General Public Discussion Platforms
Project and Topic-based Telegram broadcast forums, maintained by Council & Committees of Open Constitution.
Foundation's Open Engineering Work Management
Foundation's public repository, GitHub Actions
B. Data Residency and data residency policy for E Residents b/w services of the Open Constitution AI network
B1. Data Residency for Projects tenancy deployed under a program at TRL 9
B2. Data residency policies for inter services exchange
Website(s) and services, including connected third-party services;
https://finscale.org, and any subdomains thereof
https://finscale.biz, and any subdomains thereof
https://finscale.net, and any subdomains thereof
https://open-bank.org, and any subdomains thereof
https://open-bank.net, and any subdomains thereof
https://bitrupee.net, and any subdomains thereof
https://openbounty.net, and any subdomains thereof
Digital Campus and any subdomains thereof
https://muellnersfoundation.org and any subdomains thereof
https://muellnersfoundation.info and any subdomains thereof
https://opensource.exchange and any subdomains thereof
https://openconstitution.ai and any subdomains thereof
https://openconstitution.us and any subdomains thereof
https://open-bank.net , and any subdomains and custom domains thereof e.g project.open-bank.net
https://upscalearts.org and any subdomains thereof
https://upscalearts.com and any subdomains thereof
CouncilPost and any subdomains thereof
https://councilpost.org and any subdomains thereof
https://councilpost.net and any subdomains thereof
https://councilpost.biz and any subdomains thereof
https://councilpost.info and any subdomains thereof
https://councilpost.us and any subdomains thereof
https://openbounty.us and any subdomains thereof
https://openbounty.info and any subdomains thereof
https://openbounty.biz and any subdomains thereof
Third Party/Other uniform resource locators(URLs) where Forms or (both web browser and mobile) applications are hosted to collect confidential information and are generated through third-party services(Slack, Discord, Facebook, Twitter, Linkedin, Discourse, Gitbook, Atlassian, Github, Google Calendar, Telegram Broadcast channels, Stripe), either directly shared to you by the Foundation on its own or public platforms of communication
This data protection framework covers a list of Third-Party Legal Bodies and 'Your' usage of the connected services.
Atlassian Inc., Google Inc., Slack Inc., Microsoft Inc., Github Inc. , Gitbook Inc., Salesforce Inc., , Canva Pty Ltd., Amazon Web Services Inc. Docusign Inc., Stripe Inc
These organisations support Open Constitution's digital public goods and services with generous grants and non-profit programs.
Subscribed Membership is an 'invite only'
The following data is received by the Foundation to create a guest account:
Email account
Name, Phone no.
Social media accounts of members
Verified citizens of Open Constitution gain access to the "citizen" and generally full rights to the Foundation's different communication channels.
Once, an account is created, subscribed member posts on both private and public forums of the Foundation's community.
Members must follow the Foundation's code of conduct, guiding principles, and moderation policy when expressing their statements in the community.
The following types of data are classified for all membership activity:
Data attributable to the Foundation's public-facing records on its public forums.
Data attributable to the Foundation's ongoing project discussion and thus attributable to the Foundation's public-facing records in a documentation release.
Private and non-public personal information(NPPI).
Explicit Personal Expression of a Member of the Foundation's Community.
Third-party data.
For all subscribed membership activity on the above communications system of Foundation:
a. The subscribed membership activity on any of the above communication platforms & member's privacy is protected and governed foremost by privacy laws of EU's GDPR & subsequently Internet privacy laws of Denmark.
The foundation also complies with relevant third-party vendor license terms, as accorded by the service provider of the specific communications platform.
If any member wishes to complain about privacy violation or any other code of conduct violation on any of the above communication systems, please write to the Trust Governance Center.
Read about Moderation Guidelines here.
Read about How not to spam the public forums of the Foundation here.
Read the list of Sensitivity here.
Data Management: Transparency and control
In accordance with Article 5 of GDPR,
a Foundation is responsible for processing personal data in a lawful, fair and transparent way.
b. Foundation shall only process personal data for a limited and specific purpose.
c. Foundation shall only process the personal data that is necessary for its purposes.
d. Foundation shall ensure that the personal data it is processing is accurate and up-to-date.
e. Foundation shall store personal data only for as long as is necessary.
f. Foundation shall keep personal data safe and confidential.
g. Foundation shall be accountable for how it processes personal data.
For the purposes of this policy; What does “processing” mean?
“collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”
Foundation uses the following criteria(s) as the lawful bases for processing its member’s data:
a. Consent - the member has freely permitted the Foundation to process their data. The consent is digitally recorded e.g. when a member creates a Trust Account or by joining Foundation Slack or discord server or signs up on a web URL which takes the member to the Foundation’s communication systems.
b. Contract—The member has voluntarily signed up and joined the membership space, and the Foundation needs to process their data to carry out and maintain subscribed membership activities within the Foundation’s guidelines.
c. Legal obligation - the law requires the Foundation to process the member's data in a particular way: i.e. for records, audit, moderation of hatred, and free speech on its public forums and community space.
d. Legitimate interest—The Foundation is processing a member's data to protect its statutory compliance with the laws governing its statutory existence in accordance with the business laws of Denmark.
Data Protection Officer(s): Voluntarily organised Foundation members appoint moderators from the community who uphold the community’s Code of Conduct.
Data Processor: Finscale ApS is appointed by the Foundation as the processor of the data controller, Foundation. Please read Finscale ApS's data processing policy here.
List of Other Third Party Data Processors and link to their data processing agreements, whose compliance is binding on the Foundation, when the Foundation accesses the license to use these third-party services:
Slack, Slack Inc.
Hubspot, Hubspot Inc.
Google Workspace, Google, Inc.
IBM, Inc.
Atlassian, Inc.
Zoho Corporation Pvt Ltd, India
Cloudflare, Inc.
Microsoft Inc.
Github Inc.
AWS Inc.
Civilized Discourse Construction Kit, Inc.
Docusign Inc.
Salesforce Inc.
Stripe Inc.
The Foundation may at times act as a data processor for another Data Controller, such as an Open Constitution Partner organisation. If your organisation is a network tenant in the Open Constitution AI network E Tenancy Program, please read the Data Protection clauses in the partner agreement that cover your organisation's rights.
It is important to note that when members from your organisation sign up independently on the Foundation’s member space, their data protection is governed exclusively by this data protection policy.
Current Data Residency of the Foundation: Asia Pacific (Singapore), Asia Pacific (Sydney), Europe (Frankfurt), US East (N. Virginia), US West (Oregon)
Relevant LEGAL Resources for community references:
DENMARK: Danish Data Protection Act(in English)
INDIA: PROPOSED LEGISLATION: THE DIGITAL PERSONAL DATA PROTECTION BILL, 2022, India
Grievance Panels or Data Protection Authorities:
(in jurisdictions where the network's collective sentience data is hosted)
INDIA: https://gac.gov.in
READ THE FULL TEXT OF THE DATA PROTECTION NOTICE HERE: